Meta

Category Wordpress News

The true definition of a WordPress Plugin is code that goes into the core of your site and allows you to change appearance, security, or other settings. With the access and amount of plugins that are out there, is there any way to be sure they are secure? I have posted several times about plugins that have security vulnerabilities that allows hackers/script kiddies to download your wp-config.php file, gain access to your root, or make themselves an admin. Is there truly a way to protect yourself from probing attacks?

So I have been preparing for some major things with my full time job. I left the site up and have not refreshed things in a while. Not to say that I did not update the plugins, themes, and core WordPress; that is a requirement of any site. However content and posts were idle for a few months. This post shares some insight from my backend, where probes went, and now the IPs that are at fault. I share this information in the hopes fellow site builders can be proactive, possibly by banning the IP address prior to defacing attempts, or possibly just raising the red flag just a little bit more as you watch hits coming in to your site. Whatever the case, here is the long list:

Block the main User Agents that are behind a lot of bad traffic, User-Agent libwww-perl and Microsoft-WebDAV-MiniRedir. If your using a Linux server, be sure to add the following lines in your .htaccess file:

Be aware that this will block all User Agents both good and bad, of libwww-perl and Microsoft-WebDAV-MiniRedir. The majority of this traffic is bad however, so its a necessary fix.

Second:

Install the plugin Statpress or another hit tracking plugin to allow you to see the interactions of all IPs on your site. This includes 404 hits which you will find being a goldmine in the aspect of seeing what pages these script kids are trying to use to get in your backend. Not all tracking plugins are made the same, so test them out.

Third:

Make a backup. This is huge!!! A backup of every database and file should be done weekly at a minimum, daily if possible...